This Privacy Policy explains how Velta BV (“Velta”, “we”, “us”), operating the Pondria service, collects and uses personal data, and the rights you have. Pondria is a business-to-business capacity-planning and revenue-forecasting tool delivered only through an authenticated account.
1. Who we are and controller identity
The controller for personal data described in this policy is Velta BV, Beekstraat 17, 3545 Halen, Belgium, VAT and enterprise number BE 1024.208.746. You can reach us for any privacy matter at help@pondria.ai. Company details are also listed on our Imprint.
Velta BV is established in the EU (Belgium), so no Article 27 EU representative is required. No Data Protection Officer is appointed, as our processing does not require one; privacy questions go to help@pondria.ai.
When we process the planning data that customers enter about their own people and projects, we act as a processor on the customer’s behalf, governed by our Data Processing Agreement. For account, billing, and security data, we act as a controller, and this policy applies.
2. Scope
This policy covers the Pondria application and the public pages that describe it. It does not cover third-party websites or services that we link to, which have their own privacy practices.
3. The personal data we collect
- Account data: your email address, a hashed password, and your name.
- Organization and team data: the organizations, teams, and roles you belong to.
- Planning data: the content customers enter, including persons, allocations, projects, clients, and comments.
- Billing metadata: subscription, plan, and seat information needed to bill an organization. Card and payment details are handled by Stripe and are never stored by Pondria.
- Technical error data: diagnostic information processed by Sentry when something goes wrong, described further below.
- Usage analytics: aggregate, cookieless measurements of how the public site and the app are used, such as the page visited, the referring page, and coarse device or browser type derived from the request. This data is anonymized, is not tied to your account, and builds no profile of you. It is described further in our Cookie Notice.
4. How and why we use your data, and our legal bases
- To provide the Service (creating and managing accounts, delivering planning and forecasting functionality): performance of a contract under Article 6(1)(b) GDPR.
- For security, error monitoring, and trial-abuse prevention (keeping the Service reliable and secure, and enforcing the one-trial-per-person rule): our legitimate interests under Article 6(1)(f) GDPR.
- To measure and improve the Service (understanding, in aggregate, how the public site and the app are used, through cookieless analytics that set no cookies, use no persistent identifier, and build no profile of you): our legitimate interests under Article 6(1)(f) GDPR.
- To meet our legal obligations (retaining billing and accounting records for the period required by Belgian tax and accounting law): compliance with a legal obligation under Article 6(1)(c) GDPR.
No processing currently relies on consent. Where we rely on legitimate interests, you may object as described under your rights below.
5. Cookies and local storage
Pondria uses only essential and functional storage, and no advertising or cross-site tracking. Site usage is measured with first-party, cookieless web analytics that sets no cookies and stores nothing on your device, so there is no cookie-consent banner. Our Cookie Notice sets this out in full; in summary, we store:
| Item | Type | Purpose | Duration |
|---|---|---|---|
| HttpOnly session cookie | Essential | Authentication (keeps you signed in) | Session |
| localStorage: theme | Functional | Remembers your light or dark theme | Until changed |
| localStorage: last organization | Functional | Remembers your last-selected organization | Until changed |
| localStorage: language | Functional | Remembers your language preference | Until changed |
| sessionStorage: OAuth-state nonce | Essential | Protects the sign-in (OAuth) flow | Minutes (cleared after sign-in) |
| sessionStorage: chunk-reload guard | Essential | Recovers from a stale app version after a deploy, without reload loops | Session |
We do not use Sentry Session Replay, and detailed personal-data collection in error monitoring is switched off.
6. Error monitoring
We use Sentry to detect and diagnose technical errors, which helps us keep the Service reliable and secure. This processing relies on our legitimate interests. In the course of a network connection, your IP address is visible at the connection level. Sentry runs in an EU (Frankfurt) region and acts as a processor under its own data-processing agreement. Session Replay and detailed collection of personal data are switched off. You may object to this processing under Article 21 GDPR by contacting us.
7. Trial-abuse email hash
After an account is deleted, we keep a salted one-way hash of the associated email address. Its sole purpose is to enforce the rule that each person receives a single free trial, so that a new trial cannot be obtained simply by deleting an account and signing up again. This relies on our legitimate interest in preventing abuse. The hash cannot be reversed to recover the email address. Apart from this hash and the legally required billing and invoice records described under Data retention below, no data is kept after an account is deleted.
8. Subprocessors
We rely on the following subprocessors to operate the Service:
- Supabase: database and authentication hosting (EU region).
- Vercel Inc. (United States): static frontend hosting and edge request routing over a global edge network, and first-party, cookieless web analytics. For analytics, Vercel processes on our behalf the page visited, the referring page, and coarse device and browser information derived from the request; this data is anonymized, sets no cookies, and uses no persistent identifier. Vercel does not store the planning data an organization enters. Transfers are safeguarded by EU Standard Contractual Clauses (SCCs).
- Amazon Web Services: backend hosting and transactional email through Amazon SES (EU, Frankfurt / eu-central-1).
- Sentry: error monitoring (EU/Frankfurt region).
- Stripe: payment processing (United States).
- Google, Microsoft, and GitHub: social sign-in identity providers, used only when a user chooses to sign in with one of them (United States).
Looking ahead, Anthropic is a planned subprocessor for future artificial-intelligence features. Those features are not active in v1, and no data is sent to Anthropic today.
9. International transfers
Primary processing takes place in the EU/EEA. Where a subprocessor processes personal data outside the EEA, that transfer is covered by the EU Standard Contractual Clauses or the provider’s EU-US Data Privacy Framework certification, as set out in that provider’s data processing agreement.
10. Data retention
We keep account and planning data for as long as the account or organization is active. When an account or organization is deleted, the data is removed within the 30-day grace window that follows. After deletion we retain only (a) the salted one-way hash of the email address, used to prevent trial abuse, and (b) billing and invoice records that we and Stripe are required by law to keep, currently seven years under Belgian accounting law.
11. Your rights
Subject to applicable law, you have the right to access, rectification, erasure, restriction, portability, and objection regarding your personal data. To exercise any of these rights, email help@pondria.ai. You also have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit / Autorité de protection des données), Rue de la Presse 35, 1000 Brussels, Belgium. Where we act as a processor for a customer, we will direct requests to the relevant customer as the controller.
12. Security
We apply technical and organizational measures appropriate to the risk, including encryption of data in transit and at rest, HttpOnly session cookies, row-level security in the database, least-privilege access controls, and EU-region hosting. No system can be guaranteed completely secure, but we work to protect your data and to respond promptly to any incident.
13. Children
Pondria is a business tool and is not directed to anyone under the age of 16. We do not knowingly collect personal data from children.
14. AI features (forward-looking)
Artificial-intelligence functionality is planned for a future version (v2 and beyond) and is not active in v1. When such features are introduced, Anthropic is expected to act as a subprocessor, and this policy will be updated to describe the processing and its legal basis before any AI feature is switched on.
15. Changes to this policy
We may update this Privacy Policy from time to time. When changes are material, we will take reasonable steps to notify you. The “Last updated” date at the top of this page reflects the latest revision.
16. How to contact us
For any privacy question or request, email help@pondria.ai. See also our Terms of Service, our Data Processing Agreement, and our Imprint.